The nature of cybersecurity has changed fundamentally in the last five to ten years, presenting significant new problems to organizations that operate computer systems in a networked environment. The computer systems that contain an organization's most sensitive data—the “crown jewel” data—are increasingly connected to the wider world in a variety of new ways.
Few organizations have a clear picture of what their crown jewel data comprises, or of all the places it may be stored. In general, crown jewel data is data that could significantly harm the organization if an unauthorized individual viewed, stole, changed, deleted or otherwise used it without permission.
Crown jewel data and its sensitivity will vary by organization, but examples include: customer payment card information, patient health information, banking information, personally identifiable information, trade secrets and other intellectual property, confidential financial information, regulatory or other material disclosures, payroll data, and executive e-mail.
Every organization may also hold other data that is less sensitive than crown jewel data. In many cases, crown jewel data may represent only a very small fraction of the total data managed and stored within the organization. Securing all data in the same manner as crown jewel data, while possible, can be wasteful and inefficient, in terms of both cost and computing resources. By identifying crown jewel data and its possible risks of exposure, an organization can implement targeted protections that make the most efficient use of available resources.